<?php 
include ("../config/conn.php");
require ("../header.php");
$username = $_POST['username'];
$password = $_POST['password'];
$password = md5("$password");

$sql = "SELECT * FROM admin WHERE ad_no='$username' AND ad_password='$password'";
$ad_login_check = mysql_query($sql);
$ad_stat = mysql_num_rows($ad_login_check);
//Start checking for student login.  Because this username doesnt belong to admin.
if ($ad_stat == 0) {
	$sql = "SELECT * FROM student WHERE stud_no='$username' AND stud_password='$password'";
	$user_login_check=mysql_query($sql);
	$user_stat = mysql_num_rows($user_login_check);
	$stat = $user_stat;
	$sid_table = "user_session";
	$next_location = "../index.php";
	$sid_code = "u_session_code";
	$sid_uname = "u_session_username";
}
//begin login administrator.  Insert session into session and start redirect admin to admin page.
else {
	$stat = $ad_stat;
	$sid_table = "session";
	$sid_code = "session_code";
	$sid_uname = "session_username";
	$next_location = "../admin/admin.php";
}

//start process student login.  And check semester update if available.
if ($stat == 1)
{
	echo "<title>Login Successful</title>";
	//daftar session
	session_register('$username');
	//masukkan session id ke dalam database
	$sql_insert_session="INSERT INTO ".$sid_table." (".$sid_code.",".$sid_uname.") VALUES ('". session_id() ."','$username')";
	$insert_session=mysql_query($sql_insert_session);
	//Check semester update.  Get last_update and next update from each table
	$sql_get_last="SELECT last_update,stud_sem FROM student WHERE stud_no='$username'";
	$sql_get_next="SELECT next_update FROM semester_update";
	$get_last=mysql_query($sql_get_last);
	$get_next=mysql_query($sql_get_next);
	$last=mysql_fetch_assoc($get_last);
	$next=mysql_fetch_assoc($get_next);
	$last_update=$last['last_update'];
	$next_update=$next['next_update'];
	$next_update=strtotime($next_update);
	$last_update=strtotime($last_update);
	//get student current semester and current date
	$sem=$last['stud_sem'];
	$date=date('Y-m-d');
	if ($next_update > $last_update )
	{
		$sql="UPDATE student SET stud_sem='".($sem+1)."' , last_update='$date' WHERE stud_no='$username'";
		$run=mysql_query($sql);
	}
	//output bahawa login berjaya
	echo "<br><br><br><br><br><br><center><b>Login Successful.  Please wait 5 seconds to be redirect to the main page ..</b></center>";
	echo "<META http-equiv=\"refresh\" content=\"5;URL=".$next_location."\">";
}
//this is where login unsuccessful due to password or username incorrect.
else if ($stat == 0)
{
	echo "<title>Login Error</title>";
	echo "<br><br><br><br><br><br><b><center>Login Unsuccessful.  Please wait 5 seconds to be redirect to the login page ..<br></center></b>";
	echo "<META http-equiv=\"refresh\" content=\"5;URL=../login.php?action=505\">";
}
//sent this user back to login.php page because he doesnt register and try to manipulate login engine.
else
{
	echo "<title>Login Error</title>";
	echo "<br><br><br><br><br><b><center>Login Unsuccessful.  Please wait 5 seconds to be redirect to the login page ..</center></b>";
	echo "<META http-equiv=\"refresh\" content=\"5;URL=../login.php?action=0\">";
}
echo "<br><br><br><br><br><br><br><br><br>";
require ("../footer.php");
?>

